Agenda | June 3, 2022 | 10:00 AM - 5:30 PM EDT
Check-In Opens (and goes ALL DAY)
LOCATION IN HOTEL: PALM FOYER
Get checked in for the action-packed full day ahead and grab a bite to eat during our morning networking event and free breakfast!
Welcome & Opening Remarks
Dean Parsons, SANS Instructor & Subject Matter Expert
30 ICS Ransomware Outages - Why Criticality Boundaries Matter
This presentation looks at 30 ransomware incidents that caused industrial production outages in 2020 and 2021 and looks at what conclusions we can draw from the incidents. Ransomware tools and techniques trail nation-states by only a few years. Cloud-seeded ransomware is coming. There are only 3 ways that ransomware can impact physical operations. All three ways have to do with the difference between control-critical and business-critical networks. Experts from all over the ICS/OT security space are weighing in as to the right way to manage criticality boundaries.
Andrew Ginter, VP Industrial Security, Waterfall Security Solutions
First of its Kind – How SIBERprotect Responds at Machine Speed to Protect Industrial Control Systems
SIBERprotect is a one-of-a-kind, patent pending, cyber-physical response solution to protect against OT cyberthreats. SIBERprotect enables sub-second active responses like network quarantine, emergency equipment activation, setpoint forcing and more – all tailored to the status of the OT system. Since not every threat, nor response is the same, SIBERprotect is customizable to fit nearly every industrial operation. In this session you will learn how SIBERprotect utilizes the latest threat detection, automation, and controls technology to help OT systems become harder to hack and quicker to recover. Because cyberattacks act at machine speed – SIBERprotect responds at machine speed.
Chuck Tommey, GICSP, CEH, P.E. Digital Connectivity Executive, Siemens Digital Industries
Moving Target Defense and Industrial Control Systems
Through over 20 publications and updates, standards in the United States have changed to call for using moving target defense in everything from baseline to critical settings. What does that look like in an operational technology network, and what processes work to drive the shift within institutions where people struggle to agree on the color of an orange? We'll cover four topics: remote access, OT DMZ unification, data streaming, and data transfer.
Ian Schmertzler, President, Dispel
Converse with fellow cybersecurity attendees over a delicious lunch including assorted carving stations and sweet treats!
Network Access Policy Hardening for OT
As shown through multiple high-profile cybersecurity attacks, organizations have to shut down operations when their mission-critical assets are breached. Traditional IT solutions are often too complex or incompatible with the requirements of OT environments. As the threat landscape heightens, organizations have to adopt and implement a risk-based security program in which continuous verification of network access policy plays a crucial role. This presentation will introduce the three foundations of a robust cyber resiliency program and provide practical recommendations to reduce OT network exposure.
Robin Berthier, CEO and Co-Founder Network Perception
Proposed Proactive Tasks for Improved ICS/OT Cybersecurity
In February and March of 2022, we surveyed over 900 ICS businesses, which revealed significant shortfalls in organizations' approach to handling cyber security events. Cyber-attacks have affected manufacturing and energy supply, and some ICS trends indicate a response to cyber threats on a case-by-case basis rather than one that is planned and formally executed. To avoid loss of productivity and defend against common initial intrusion vectors, it is important to have an approach that enables the detection of threats early and drives quick recovery actions. This session will explore the capabilities needed to minimize damage, with the status of incidents based on Trend Micro's recent survey results, and the keys to countermeasures as seen from real-world case studies.
William J. Malik, Vice President, Infrastructure Strategies, Trend Micro Incorporated
Product Security Meets Detection and Response
What is product security? In connected equipment and products, how do we detect new vulnerabilities? And how can we—as manufacturers or asset owners—respond to new threats? In this talk hosted by Finite State Lead Software Engineer Jason Ortiz, we will examine why attackers love the huge attack surface presented by OT/IoT and the key challenges facing connected device manufacturers and asset owners. In this session, Jason will also explore the business impacts of product security and how product security is quickly becoming the biggest gap in many cybersecurity strategies.
Jason Ortiz, Lead Engineer, Finite State
Real World Examples: Detecting Threats from Industrial Process Data
Industrial process data and insights on normal baseline behavior reveal a lot about malware and network intrusions. In addition to combatting cybersecurity threats, the combination of data and process knowledge can head off problems early, enabling predictive maintenance and other opportunities to improve process efficiency.
In this presentation we look at anomaly detection techniques in a few cyber-physical processes and how they can be used to detect 1) replay attacks, 2) instrument failures, 3) misconfigurations, etc., all using real-world examples from previous attacks.
Sandeep Lota, Field CTO, Nozomi Networks
Refreshments and Snacks Served
Threat Story: Conti Ransomware and ICS
Ransomware attacks are a growing and genuine threat to critical infrastructure. With indiscriminate and sophisticated attacks, the challenge of cyber security has gone beyond one that is scalable by humans alone. In this session, Darktrace will demonstrate how its Self-Learning AI identifies resident and novel threats, as well as detects and responds to fast-moving attacks such as ransomware, regardless of the target. We'll show how Self-Learning AI augments network visibility and anomaly detection to reduce time to meaning and protect OT and cyber-physical systems from ransomware, sophisticated attacks, and other unusual causes of unexpected downtime. In particular, we'll focus on how Darktrace detected and helped mitigate a Conti ransomware attack that rapidly spread across both IT and OT, before damage was done.
Dr. Oakley Cox, Analyst Technical Director, Darktrace
Understanding and Defending Against PIPEDREAM, the seventh-known Industrial Control Systems (ICS)-specific malware
PIPEDREAM is the seventh-known Industrial Control Systems (ICS)-specific malware and the fifth malware specifically developed to disrupt industrial processes. It represents a clear and present threat to the availability, control, and safety of industrial control systems and processes. In this presentation, Dragos will share what we've discovered about PIPEDREAM and Chernovite, the threat group responsible for developing this malware. We will present key findings, an overview of impacted technology, as well as potential malware deployment scenarios. Finally, we will share practical guidance and examples that asset owners can employ to defend their most critical systems against not only Chernovite, but other adversaries intent on disrupting industrial control systems.
Sam Wilson, Product Manager, Dragos
How to Eat an Elephant – Strategies for Dealing with Vulnerability Overload
Heterogeneous networks, outdated operating systems, patching limitations: there is no shortage of challenges when addressing vulnerabilities in OT/ICS security. But not all vulnerabilities are equal. How do you take on this never-ending challenge and "eat the elephant" by identifying, mitigating, or remediating vulnerabilities in your systems and networks? This session will address the strategies needed to decrease vulnerabilities and your attack surface.
Matt Sexton, Director, PAS Business Development, PAS
Wrap-Up
Dean Parsons, SANS Instructor & Subject Matter Expert